[olug] VNC w/Qwest
Luke -Jr
luke at dashjr.org
Tue Oct 16 00:52:25 UTC 2007
On Monday 15 October 2007, Christopher Cashell wrote:
> On 10/15/07, Luke -Jr <luke at dashjr.org> wrote:
> > ICMP is a network infrastructure protocol. Networking standards assume it
> > is always in place. For example, DHCP uses pings to determine if an
> > address is in use. IP autoconfiguration generally will not work at all
> > without ICMP. Even if you do not need these standards, disabling ICMP is
> > still broken.
>
> DHCP and IP autoconfiguration are local network technologies, and not
> intended to be used across disparate networks or the Internet.
Well, I know of at least one case where blocking ICMP somehow prevented any
internet access from working. Once ICMP was allowed, everything worked fine.
> Like it or not, blocking ICMP at a border firewall is a valid technique for
> increasing security,
I don't see how it has any legitimate purpose.
> and in this day of NAT and connection sharing/pooling, it's very often
> impossible to fully support Internet responding ICMP for all hosts on a
> network.
The day of NAT is gone. In this day of 128-bit addressing, every device should
have a globally routable address and properly respond to ICMP.